This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hitachi First view 2007-01-25
Product Ucosminexus Developer Standard Last view 2007-11-05
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_10_01:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_20:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_20_01:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_00_01:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_00_02:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_00:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_50:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_00_03:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_10:*:windows:*:*:*:*:* 3
cpe:2.3:a:hitachi:ucosminexus_developer_standard:07_50:*:*:*:*:*:*:* 3

Related : CVE

  Date Alert Description
5 2007-11-05 CVE-2007-5810

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.

4.3 2007-11-05 CVE-2007-5809

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

5 2007-10-08 CVE-2007-5281

The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698.

4.3 2007-09-08 CVE-2007-4760

The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503.

6.8 2007-01-25 CVE-2007-0514

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
50% (2) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
42027 Hitachi Web Server Server-status Page Creation Unspecified XSS
42026 Hitachi Web Server SSL Client Certification Validation Weakness
37862 Hitachi Cosminexus Developer's Kit for Java Java Secure Socket Extension (JSS...
36781 Hitachi Cosminexus Products javadoc Tool Unspecified XSS
32998 Hitachi Web Server Image Maps XSS
32997 Hitachi Web Server HTTP Expect Header XSS